From 953fe44f7cc25cfe290e8bf204f7baed62f28071 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Fri, 23 Jun 2017 15:35:17 +0200 Subject: [PATCH 1/3] confile: properly namespace security keys - lxc.aa_profile => lxc.apparmor.profile - lxc.aa_allow_incomplete => lxc.apparmor.allow_incomplete - lxc.se_context => lxc.selinux.context The legacy keys will be kept around until LXC 3.0 and then will be removed. Signed-off-by: Christian Brauner --- src/lxc/Makefile.am | 4 +- src/lxc/conf.c | 1 + src/lxc/confile.c | 282 +++++++++--------- ...file_network_legacy.c => confile_legacy.c} | 80 ++++- ...file_network_legacy.h => confile_legacy.h} | 25 +- src/lxc/confile_utils.c | 20 ++ src/lxc/confile_utils.h | 2 + src/lxc/lxccontainer.c | 2 +- src/tests/parse_config_file.c | 38 ++- 9 files changed, 299 insertions(+), 155 deletions(-) rename src/lxc/{confile_network_legacy.c => confile_legacy.c} (92%) rename src/lxc/{confile_network_legacy.h => confile_legacy.h} (78%) diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 588c9f38b..ea1982ea7 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -21,7 +21,7 @@ noinst_HEADERS = \ caps.h \ conf.h \ confile.h \ - confile_network_legacy.h \ + confile_legacy.h \ confile_utils.h \ console.h \ error.h \ @@ -104,7 +104,7 @@ liblxc_la_SOURCES = \ namespace.h namespace.c \ conf.c conf.h \ confile.c confile.h \ - confile_network_legacy.c confile_network_legacy.h \ + confile_legacy.c confile_legacy.h \ confile_utils.c confile_utils.h \ list.h \ state.c state.h \ diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 881a68829..7ecfc82ec 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -1455,6 +1455,7 @@ static int lxc_setup_dev_console(const struct lxc_rootfs *rootfs, } else { DEBUG("cleared all (%d) mounts from \"%s\"", ret, path); } + ret = unlink(path); if (ret < 0) { SYSERROR("error unlinking %s", path); diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 97583f7f7..cfad6c5a8 100644 --- a/src/lxc/confile.c 
+++ b/src/lxc/confile.c @@ -45,7 +45,7 @@ #include "parse.h" #include "config.h" #include "confile.h" -#include "confile_network_legacy.h" +#include "confile_legacy.h" #include "confile_utils.h" #include "utils.h" #include "log.h" 
@@ -93,24 +93,24 @@ static int get_config_kmsg(const char *, char *, int, struct lxc_conf *, void *); static int clr_config_kmsg(const char *, struct lxc_conf *, void *); -static int set_config_lsm_aa_profile(const char *, const char *, - struct lxc_conf *, void *); -static int get_config_lsm_aa_profile(const char *, char *, int, - struct lxc_conf *, void *); -static int clr_config_lsm_aa_profile(const char *, struct lxc_conf *, void *); +static int set_config_apparmor_profile(const char *, const char *, + struct lxc_conf *, void *); +static int get_config_apparmor_profile(const char *, char *, int, + struct lxc_conf *, void *); +static int clr_config_apparmor_profile(const char *, struct lxc_conf *, void *); -static int set_config_lsm_aa_incomplete(const char *, const char *, - struct lxc_conf *, void *); -static int get_config_lsm_aa_incomplete(const char *, char *, int, - struct lxc_conf *, void *); -static int clr_config_lsm_aa_incomplete(const char *, struct lxc_conf *, - void *); +static int set_config_apparmor_allow_incomplete(const char *, const char *, + struct lxc_conf *, void *); +static int get_config_apparmor_allow_incomplete(const char *, char *, int, + struct lxc_conf *, void *); +static int clr_config_apparmor_allow_incomplete(const char *, struct lxc_conf *, + void *); -static int set_config_lsm_se_context(const char *, const char *, - struct lxc_conf *, void *); -static int get_config_lsm_se_context(const char *, char *, int, - struct lxc_conf *, void *); -static int clr_config_lsm_se_context(const char *, struct lxc_conf *, void *); +static int set_config_selinux_context(const char *, const char *, + struct lxc_conf *, void *); +static int get_config_selinux_context(const char *, char *, int, + struct lxc_conf *, void *); +static int clr_config_selinux_context(const char *, struct lxc_conf *, void *); static int set_config_cgroup(const char *, const char *, struct lxc_conf *, void *); 
@@ -424,98 +424,107 @@ static int get_config_limit(const char *, char *, int, struct lxc_conf *, static int clr_config_limit(const char *, struct lxc_conf *, void *); static struct lxc_config_t config[] = { - { "lxc.arch", set_config_personality, get_config_personality, clr_config_personality, }, - { "lxc.pts", set_config_pts, get_config_pts, clr_config_pts, }, - { "lxc.tty", set_config_tty, get_config_tty, clr_config_tty, }, - { "lxc.devttydir", set_config_ttydir, get_config_ttydir, clr_config_ttydir, }, - { "lxc.kmsg", set_config_kmsg, get_config_kmsg, clr_config_kmsg, }, - { "lxc.aa_profile", set_config_lsm_aa_profile, get_config_lsm_aa_profile, clr_config_lsm_aa_profile, }, - { "lxc.aa_allow_incomplete", set_config_lsm_aa_incomplete, get_config_lsm_aa_incomplete, clr_config_lsm_aa_incomplete, }, - { "lxc.se_context", set_config_lsm_se_context, get_config_lsm_se_context, clr_config_lsm_se_context, }, - { "lxc.cgroup", set_config_cgroup, get_config_cgroup, clr_config_cgroup, }, - { "lxc.id_map", set_config_idmaps, get_config_idmaps, clr_config_idmaps, }, - { "lxc.loglevel", set_config_loglevel, get_config_loglevel, clr_config_loglevel, }, - { "lxc.logfile", set_config_logfile, get_config_logfile, clr_config_logfile, }, - { "lxc.mount.entry", set_config_mount, get_config_mount, clr_config_mount, }, - { "lxc.mount.auto", set_config_mount_auto, get_config_mount_auto, clr_config_mount_auto, }, - { "lxc.mount", set_config_fstab, get_config_fstab, clr_config_fstab, }, - { "lxc.rootfs.mount", set_config_rootfs_mount, get_config_rootfs_mount, clr_config_rootfs_mount, }, - { "lxc.rootfs.options", set_config_rootfs_options, get_config_rootfs_options, clr_config_rootfs_options, }, - { "lxc.rootfs.backend", set_config_rootfs_backend, get_config_rootfs_backend, clr_config_rootfs_backend, }, - { "lxc.rootfs", set_config_rootfs, get_config_rootfs, clr_config_rootfs, }, - { "lxc.pivotdir", set_config_pivotdir, get_config_pivotdir, clr_config_pivotdir, }, - { "lxc.utsname", 
set_config_utsname, get_config_utsname, clr_config_utsname, }, - { "lxc.hook.pre-start", set_config_hooks, get_config_hooks, clr_config_hooks, }, - { "lxc.hook.pre-mount", set_config_hooks, get_config_hooks, clr_config_hooks, }, - { "lxc.hook.mount", set_config_hooks, get_config_hooks, clr_config_hooks, }, - { "lxc.hook.autodev", set_config_hooks, get_config_hooks, clr_config_hooks, }, - { "lxc.hook.start", set_config_hooks, get_config_hooks, clr_config_hooks, }, - { "lxc.hook.stop", set_config_hooks, get_config_hooks, clr_config_hooks, }, - { "lxc.hook.post-stop", set_config_hooks, get_config_hooks, clr_config_hooks, }, - { "lxc.hook.clone", set_config_hooks, get_config_hooks, clr_config_hooks, }, - { "lxc.hook.destroy", set_config_hooks, get_config_hooks, clr_config_hooks, }, - { "lxc.hook", set_config_hooks, get_config_hooks, clr_config_hooks, }, - /* legacy network keys */ - { "lxc.network.type", set_config_network_legacy_type, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.flags", set_config_network_legacy_flags, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.link", set_config_network_legacy_link, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.name", set_config_network_legacy_name, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.macvlan.mode", set_config_network_legacy_macvlan_mode, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.veth.pair", set_config_network_legacy_veth_pair, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.script.up", set_config_network_legacy_script_up, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.script.down", set_config_network_legacy_script_down, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.hwaddr", set_config_network_legacy_hwaddr, 
get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.mtu", set_config_network_legacy_mtu, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.vlan.id", set_config_network_legacy_vlan_id, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.ipv4.gateway", set_config_network_legacy_ipv4_gateway, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.ipv4", set_config_network_legacy_ipv4, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.ipv6.gateway", set_config_network_legacy_ipv6_gateway, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.ipv6", set_config_network_legacy_ipv6, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network.", set_config_network_legacy_nic, get_config_network_legacy_item, clr_config_network_legacy_item, }, - { "lxc.network", set_config_network_legacy, get_config_network_legacy, clr_config_network_legacy, }, + { "lxc.arch", set_config_personality, get_config_personality, clr_config_personality, }, + { "lxc.pts", set_config_pts, get_config_pts, clr_config_pts, }, + { "lxc.tty", set_config_tty, get_config_tty, clr_config_tty, }, + { "lxc.devttydir", set_config_ttydir, get_config_ttydir, clr_config_ttydir, }, + { "lxc.kmsg", set_config_kmsg, get_config_kmsg, clr_config_kmsg, }, + { "lxc.apparmor.profile", set_config_apparmor_profile, get_config_apparmor_profile, clr_config_apparmor_profile, }, + { "lxc.apparmor.allow_incomplete", set_config_apparmor_allow_incomplete, get_config_apparmor_allow_incomplete, clr_config_apparmor_allow_incomplete, }, + { "lxc.selinux.context", set_config_selinux_context, get_config_selinux_context, clr_config_selinux_context, }, - { "lxc.net.type", set_config_net_type, get_config_net_type, clr_config_net_type, }, - { "lxc.net.flags", set_config_net_flags, get_config_net_flags, clr_config_net_flags, }, - 
{ "lxc.net.link", set_config_net_link, get_config_net_link, clr_config_net_link, }, - { "lxc.net.name", set_config_net_name, get_config_net_name, clr_config_net_name, }, - { "lxc.net.macvlan.mode", set_config_net_macvlan_mode, get_config_net_macvlan_mode, clr_config_net_macvlan_mode, }, - { "lxc.net.veth.pair", set_config_net_veth_pair, get_config_net_veth_pair, clr_config_net_veth_pair, }, - { "lxc.net.script.up", set_config_net_script_up, get_config_net_script_up, clr_config_net_script_up, }, - { "lxc.net.script.down", set_config_net_script_down, get_config_net_script_down, clr_config_net_script_down, }, - { "lxc.net.hwaddr", set_config_net_hwaddr, get_config_net_hwaddr, clr_config_net_hwaddr, }, - { "lxc.net.mtu", set_config_net_mtu, get_config_net_mtu, clr_config_net_mtu, }, - { "lxc.net.vlan.id", set_config_net_vlan_id, get_config_net_vlan_id, clr_config_net_vlan_id, }, - { "lxc.net.ipv4.gateway", set_config_net_ipv4_gateway, get_config_net_ipv4_gateway, clr_config_net_ipv4_gateway, }, - { "lxc.net.ipv4", set_config_net_ipv4, get_config_net_ipv4, clr_config_net_ipv4, }, - { "lxc.net.ipv6.gateway", set_config_net_ipv6_gateway, get_config_net_ipv6_gateway, clr_config_net_ipv6_gateway, }, - { "lxc.net.ipv6", set_config_net_ipv6, get_config_net_ipv6, clr_config_net_ipv6, }, - { "lxc.net.", set_config_net_nic, get_config_net_nic, clr_config_net_nic, }, - { "lxc.net", set_config_net, get_config_net, clr_config_net, }, + /* REMOVE IN LXC 3.0 + legacy security keys + */ + { "lxc.aa_profile", set_config_lsm_aa_profile, get_config_lsm_aa_profile, clr_config_lsm_aa_profile, }, + { "lxc.aa_allow_incomplete", set_config_lsm_aa_incomplete, get_config_lsm_aa_incomplete, clr_config_lsm_aa_incomplete, }, + { "lxc.se_context", set_config_lsm_se_context, get_config_lsm_se_context, clr_config_lsm_se_context, }, + { "lxc.cgroup", set_config_cgroup, get_config_cgroup, clr_config_cgroup, }, + { "lxc.id_map", set_config_idmaps, get_config_idmaps, clr_config_idmaps, }, + { 
"lxc.loglevel", set_config_loglevel, get_config_loglevel, clr_config_loglevel, }, + { "lxc.logfile", set_config_logfile, get_config_logfile, clr_config_logfile, }, + { "lxc.mount.entry", set_config_mount, get_config_mount, clr_config_mount, }, + { "lxc.mount.auto", set_config_mount_auto, get_config_mount_auto, clr_config_mount_auto, }, + { "lxc.mount", set_config_fstab, get_config_fstab, clr_config_fstab, }, + { "lxc.rootfs.mount", set_config_rootfs_mount, get_config_rootfs_mount, clr_config_rootfs_mount, }, + { "lxc.rootfs.options", set_config_rootfs_options, get_config_rootfs_options, clr_config_rootfs_options, }, + { "lxc.rootfs.backend", set_config_rootfs_backend, get_config_rootfs_backend, clr_config_rootfs_backend, }, + { "lxc.rootfs", set_config_rootfs, get_config_rootfs, clr_config_rootfs, }, + { "lxc.pivotdir", set_config_pivotdir, get_config_pivotdir, clr_config_pivotdir, }, + { "lxc.utsname", set_config_utsname, get_config_utsname, clr_config_utsname, }, + { "lxc.hook.pre-start", set_config_hooks, get_config_hooks, clr_config_hooks, }, + { "lxc.hook.pre-mount", set_config_hooks, get_config_hooks, clr_config_hooks, }, + { "lxc.hook.mount", set_config_hooks, get_config_hooks, clr_config_hooks, }, + { "lxc.hook.autodev", set_config_hooks, get_config_hooks, clr_config_hooks, }, + { "lxc.hook.start", set_config_hooks, get_config_hooks, clr_config_hooks, }, + { "lxc.hook.stop", set_config_hooks, get_config_hooks, clr_config_hooks, }, + { "lxc.hook.post-stop", set_config_hooks, get_config_hooks, clr_config_hooks, }, + { "lxc.hook.clone", set_config_hooks, get_config_hooks, clr_config_hooks, }, + { "lxc.hook.destroy", set_config_hooks, get_config_hooks, clr_config_hooks, }, + { "lxc.hook", set_config_hooks, get_config_hooks, clr_config_hooks, }, - { "lxc.cap.drop", set_config_cap_drop, get_config_cap_drop, clr_config_cap_drop, }, - { "lxc.cap.keep", set_config_cap_keep, get_config_cap_keep, clr_config_cap_keep, }, - { "lxc.console.logfile", 
set_config_console_logfile, get_config_console_logfile, clr_config_console_logfile, }, - { "lxc.console", set_config_console, get_config_console, clr_config_console, }, - { "lxc.seccomp", set_config_seccomp, get_config_seccomp, clr_config_seccomp, }, - { "lxc.include", set_config_includefiles, get_config_includefiles, clr_config_includefiles, }, - { "lxc.autodev", set_config_autodev, get_config_autodev, clr_config_autodev, }, - { "lxc.haltsignal", set_config_haltsignal, get_config_haltsignal, clr_config_haltsignal, }, - { "lxc.rebootsignal", set_config_rebootsignal, get_config_rebootsignal, clr_config_rebootsignal, }, - { "lxc.stopsignal", set_config_stopsignal, get_config_stopsignal, clr_config_stopsignal, }, - { "lxc.start.auto", set_config_start, get_config_start, clr_config_start, }, - { "lxc.start.delay", set_config_start, get_config_start, clr_config_start, }, - { "lxc.start.order", set_config_start, get_config_start, clr_config_start, }, - { "lxc.monitor.unshare", set_config_monitor, get_config_monitor, clr_config_monitor, }, - { "lxc.group", set_config_group, get_config_group, clr_config_group, }, - { "lxc.environment", set_config_environment, get_config_environment, clr_config_environment, }, - { "lxc.init_cmd", set_config_init_cmd, get_config_init_cmd, clr_config_init_cmd, }, - { "lxc.init_uid", set_config_init_uid, get_config_init_uid, clr_config_init_uid, }, - { "lxc.init_gid", set_config_init_gid, get_config_init_gid, clr_config_init_gid, }, - { "lxc.ephemeral", set_config_ephemeral, get_config_ephemeral, clr_config_ephemeral, }, - { "lxc.syslog", set_config_syslog, get_config_syslog, clr_config_syslog, }, - { "lxc.no_new_privs", set_config_no_new_privs, get_config_no_new_privs, clr_config_no_new_privs, }, - { "lxc.limit", set_config_limit, get_config_limit, clr_config_limit, }, + /* REMOVE IN LXC 3.0 + legacy security keys + */ + { "lxc.network.type", set_config_network_legacy_type, get_config_network_legacy_item, clr_config_network_legacy_item, }, + 
{ "lxc.network.flags", set_config_network_legacy_flags, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.link", set_config_network_legacy_link, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.name", set_config_network_legacy_name, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.macvlan.mode", set_config_network_legacy_macvlan_mode, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.veth.pair", set_config_network_legacy_veth_pair, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.script.up", set_config_network_legacy_script_up, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.script.down", set_config_network_legacy_script_down, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.hwaddr", set_config_network_legacy_hwaddr, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.mtu", set_config_network_legacy_mtu, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.vlan.id", set_config_network_legacy_vlan_id, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.ipv4.gateway", set_config_network_legacy_ipv4_gateway, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.ipv4", set_config_network_legacy_ipv4, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.ipv6.gateway", set_config_network_legacy_ipv6_gateway, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.ipv6", set_config_network_legacy_ipv6, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network.", set_config_network_legacy_nic, get_config_network_legacy_item, clr_config_network_legacy_item, }, + { "lxc.network", set_config_network_legacy, 
get_config_network_legacy, clr_config_network_legacy, }, + + { "lxc.net.type", set_config_net_type, get_config_net_type, clr_config_net_type, }, + { "lxc.net.flags", set_config_net_flags, get_config_net_flags, clr_config_net_flags, }, + { "lxc.net.link", set_config_net_link, get_config_net_link, clr_config_net_link, }, + { "lxc.net.name", set_config_net_name, get_config_net_name, clr_config_net_name, }, + { "lxc.net.macvlan.mode", set_config_net_macvlan_mode, get_config_net_macvlan_mode, clr_config_net_macvlan_mode, }, + { "lxc.net.veth.pair", set_config_net_veth_pair, get_config_net_veth_pair, clr_config_net_veth_pair, }, + { "lxc.net.script.up", set_config_net_script_up, get_config_net_script_up, clr_config_net_script_up, }, + { "lxc.net.script.down", set_config_net_script_down, get_config_net_script_down, clr_config_net_script_down, }, + { "lxc.net.hwaddr", set_config_net_hwaddr, get_config_net_hwaddr, clr_config_net_hwaddr, }, + { "lxc.net.mtu", set_config_net_mtu, get_config_net_mtu, clr_config_net_mtu, }, + { "lxc.net.vlan.id", set_config_net_vlan_id, get_config_net_vlan_id, clr_config_net_vlan_id, }, + { "lxc.net.ipv4.gateway", set_config_net_ipv4_gateway, get_config_net_ipv4_gateway, clr_config_net_ipv4_gateway, }, + { "lxc.net.ipv4", set_config_net_ipv4, get_config_net_ipv4, clr_config_net_ipv4, }, + { "lxc.net.ipv6.gateway", set_config_net_ipv6_gateway, get_config_net_ipv6_gateway, clr_config_net_ipv6_gateway, }, + { "lxc.net.ipv6", set_config_net_ipv6, get_config_net_ipv6, clr_config_net_ipv6, }, + { "lxc.net.", set_config_net_nic, get_config_net_nic, clr_config_net_nic, }, + { "lxc.net", set_config_net, get_config_net, clr_config_net, }, + { "lxc.cap.drop", set_config_cap_drop, get_config_cap_drop, clr_config_cap_drop, }, + { "lxc.cap.keep", set_config_cap_keep, get_config_cap_keep, clr_config_cap_keep, }, + { "lxc.console.logfile", set_config_console_logfile, get_config_console_logfile, clr_config_console_logfile, }, + { "lxc.console", 
set_config_console, get_config_console, clr_config_console, }, + { "lxc.seccomp", set_config_seccomp, get_config_seccomp, clr_config_seccomp, }, + { "lxc.include", set_config_includefiles, get_config_includefiles, clr_config_includefiles, }, + { "lxc.autodev", set_config_autodev, get_config_autodev, clr_config_autodev, }, + { "lxc.haltsignal", set_config_haltsignal, get_config_haltsignal, clr_config_haltsignal, }, + { "lxc.rebootsignal", set_config_rebootsignal, get_config_rebootsignal, clr_config_rebootsignal, }, + { "lxc.stopsignal", set_config_stopsignal, get_config_stopsignal, clr_config_stopsignal, }, + { "lxc.start.auto", set_config_start, get_config_start, clr_config_start, }, + { "lxc.start.delay", set_config_start, get_config_start, clr_config_start, }, + { "lxc.start.order", set_config_start, get_config_start, clr_config_start, }, + { "lxc.monitor.unshare", set_config_monitor, get_config_monitor, clr_config_monitor, }, + { "lxc.group", set_config_group, get_config_group, clr_config_group, }, + { "lxc.environment", set_config_environment, get_config_environment, clr_config_environment, }, + { "lxc.init_cmd", set_config_init_cmd, get_config_init_cmd, clr_config_init_cmd, }, + { "lxc.init_uid", set_config_init_uid, get_config_init_uid, clr_config_init_uid, }, + { "lxc.init_gid", set_config_init_gid, get_config_init_gid, clr_config_init_gid, }, + { "lxc.ephemeral", set_config_ephemeral, get_config_ephemeral, clr_config_ephemeral, }, + { "lxc.syslog", set_config_syslog, get_config_syslog, clr_config_syslog, }, + { "lxc.no_new_privs", set_config_no_new_privs, get_config_no_new_privs, clr_config_no_new_privs, }, + { "lxc.limit", set_config_limit, get_config_limit, clr_config_limit, }, }; struct signame { 
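Review bot: The second `/* REMOVE IN LXC 3.0 legacy security keys */` comment in the table sits directly above the `lxc.network.*` rows, so it should read `legacy network keys`, as the comment this hunk removes did. A wrong label makes the 3.0 cleanup easy to get wrong. Separately, the legacy `lxc.aa_profile`, `lxc.aa_allow_incomplete` and `lxc.se_context` rows remain accepted next to the namespaced ones, and the setters visible elsewhere in this patch store into the same `lsm_aa_profile` / `lsm_se_context` fields. A config that carries both spellings is therefore presumably resolved by whichever line is parsed last. A comment on the legacy rows such as `/* aliases of lxc.apparmor.* and lxc.selinux.*; the last assignment wins */` would help anyone auditing which confinement profile is in effect.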
@@ -1585,14 +1594,16 @@ static int set_config_kmsg(const char *key, const char *value, return 0; } -static int set_config_lsm_aa_profile(const char *key, const char *value, - struct lxc_conf *lxc_conf, void *data) +static int set_config_apparmor_profile(const char *key, const char *value, + struct lxc_conf *lxc_conf, void *data) { return set_config_string_item(&lxc_conf->lsm_aa_profile, value); } -static int set_config_lsm_aa_incomplete(const char *key, const char *value, - struct lxc_conf *lxc_conf, void *data) +static int set_config_apparmor_allow_incomplete(const char *key, + const char *value, + struct lxc_conf *lxc_conf, + void *data) { /* Set config value to default. */ if (lxc_config_value_empty(value)) { @@ -1613,8 +1624,8 @@ static int set_config_lsm_aa_incomplete(const char *key, const char *value, return 0; } -static int set_config_lsm_se_context(const char *key, const char *value, - struct lxc_conf *lxc_conf, void *data) +static int set_config_selinux_context(const char *key, const char *value, + struct lxc_conf *lxc_conf, void *data) { return set_config_string_item(&lxc_conf->lsm_se_context, value); } @@ -2615,17 +2626,6 @@ int lxc_fill_elevated_privileges(char *flaglist, int *flags) return 0; } -static inline int lxc_get_conf_int(struct lxc_conf *c, char *retv, int inlen, - int v) -{ - if (!retv) - inlen = 0; - else - memset(retv, 0, inlen); - - return snprintf(retv, inlen, "%d", v); -} - /* Write out a configuration file. */ void write_config(FILE *fout, struct lxc_conf *c) { @@ -3100,16 +3100,6 @@ static int get_config_tty(const char *key, char *retv, int inlen, return lxc_get_conf_int(c, retv, inlen, c->tty); } -static inline int lxc_get_conf_str(char *retv, int inlen, const char *value) -{ - if (!value) - return 0; - if (retv && inlen >= strlen(value) + 1) - strncpy(retv, value, strlen(value) + 1); - - return strlen(value); -} - static int get_config_ttydir(const char *key, char *retv, int inlen, struct lxc_conf *c, void *data) { 
@@ -3122,21 +3112,22 @@ static int get_config_kmsg(const char *key, char *retv, int inlen, return lxc_get_conf_int(c, retv, inlen, c->kmsg); } -static int get_config_lsm_aa_profile(const char *key, char *retv, int inlen, - struct lxc_conf *c, void *data) +static int get_config_apparmor_profile(const char *key, char *retv, int inlen, + struct lxc_conf *c, void *data) { return lxc_get_conf_str(retv, inlen, c->lsm_aa_profile); } -static int get_config_lsm_aa_incomplete(const char *key, char *retv, int inlen, - struct lxc_conf *c, void *data) +static int get_config_apparmor_allow_incomplete(const char *key, char *retv, + int inlen, struct lxc_conf *c, + void *data) { return lxc_get_conf_int(c, retv, inlen, c->lsm_aa_allow_incomplete); } -static int get_config_lsm_se_context(const char *key, char *retv, int inlen, - struct lxc_conf *c, void *data) +static int get_config_selinux_context(const char *key, char *retv, int inlen, + struct lxc_conf *c, void *data) { return lxc_get_conf_str(retv, inlen, c->lsm_se_context); } @@ -3710,23 +3701,24 @@ static inline int clr_config_kmsg(const char *key, struct lxc_conf *c, return 0; } -static inline int clr_config_lsm_aa_profile(const char *key, struct lxc_conf *c, - void *data) +static inline int clr_config_apparmor_profile(const char *key, + struct lxc_conf *c, void *data) { free(c->lsm_aa_profile); c->lsm_aa_profile = NULL; return 0; } -static inline int clr_config_lsm_aa_incomplete(const char *key, - struct lxc_conf *c, void *data) +static inline int clr_config_apparmor_allow_incomplete(const char *key, + struct lxc_conf *c, + void *data) { c->lsm_aa_allow_incomplete = 0; return 0; } -static inline int clr_config_lsm_se_context(const char *key, struct lxc_conf *c, - void *data) +static inline int clr_config_selinux_context(const char *key, + struct lxc_conf *c, void *data) { free(c->lsm_se_context); c->lsm_se_context = NULL; 
diff --git a/src/lxc/confile_network_legacy.c b/src/lxc/confile_legacy.c similarity index 92% rename from src/lxc/confile_network_legacy.c rename to src/lxc/confile_legacy.c index 14aef21ea..7f86cdb0e 100644 --- a/src/lxc/confile_network_legacy.c +++ b/src/lxc/confile_legacy.c @@ -46,7 +46,7 @@ #include "config.h" #include "confile.h" #include "confile_utils.h" -#include "confile_network_legacy.h" +#include "confile_legacy.h" #include "utils.h" #include "log.h" #include "conf.h" @@ -59,7 +59,7 @@ #include <../include/ifaddrs.h> #endif -lxc_log_define(lxc_confile_network_legacy, lxc); +lxc_log_define(lxc_confile_legacy, lxc); /* * Config entry is something like "lxc.network.0.ipv4" the key 'lxc.network.' 
@@ -1003,3 +1003,79 @@ inline int clr_config_network_legacy(const char *key, struct lxc_conf *c, void * { return lxc_clear_config_network(c); } + +inline int clr_config_lsm_aa_profile(const char *key, struct lxc_conf *c, + void *data) +{ + free(c->lsm_aa_profile); + c->lsm_aa_profile = NULL; + return 0; +} + +inline int clr_config_lsm_aa_incomplete(const char *key, struct lxc_conf *c, + void *data) +{ + c->lsm_aa_allow_incomplete = 0; + return 0; +} + +int get_config_lsm_aa_profile(const char *key, char *retv, int inlen, + struct lxc_conf *c, void *data) +{ + return lxc_get_conf_str(retv, inlen, c->lsm_aa_profile); +} + +int get_config_lsm_aa_incomplete(const char *key, char *retv, int inlen, + struct lxc_conf *c, void *data) +{ + return lxc_get_conf_int(c, retv, inlen, + c->lsm_aa_allow_incomplete); +} + +int set_config_lsm_aa_profile(const char *key, const char *value, + struct lxc_conf *lxc_conf, void *data) +{ + return set_config_string_item(&lxc_conf->lsm_aa_profile, value); +} + +int set_config_lsm_aa_incomplete(const char *key, const char *value, + struct lxc_conf *lxc_conf, void *data) +{ + /* Set config value to default. */ + if (lxc_config_value_empty(value)) { + lxc_conf->lsm_aa_allow_incomplete = 0; + return 0; + } + + /* Parse new config value. */ + if (lxc_safe_uint(value, &lxc_conf->lsm_aa_allow_incomplete) < 0) + return -1; + + if (lxc_conf->lsm_aa_allow_incomplete > 1) { + ERROR("Wrong value for lxc.lsm_aa_allow_incomplete. 
Can only " + "be set to 0 or 1"); + return -1; + } + + return 0; +} + +int set_config_lsm_se_context(const char *key, const char *value, + struct lxc_conf *lxc_conf, void *data) +{ + return set_config_string_item(&lxc_conf->lsm_se_context, value); +} + +int get_config_lsm_se_context(const char *key, char *retv, int inlen, + struct lxc_conf *c, void *data) +{ + return lxc_get_conf_str(retv, inlen, c->lsm_se_context); +} + +inline int clr_config_lsm_se_context(const char *key, struct lxc_conf *c, + void *data) +{ + free(c->lsm_se_context); + c->lsm_se_context = NULL; + return 0; +} diff --git a/src/lxc/confile_network_legacy.h b/src/lxc/confile_legacy.h similarity index 78% rename from src/lxc/confile_network_legacy.h rename to src/lxc/confile_legacy.h index 55cb2a125..cbe6ce8bc 100644 --- a/src/lxc/confile_network_legacy.h +++ b/src/lxc/confile_legacy.h @@ -21,8 +21,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#ifndef __LXC_CONFILE_NETWORK_LEGACY_H -#define __LXC_CONFILE_NETWORK_LEGACY_H +#ifndef __LXC_CONFILE_LEGACY_H +#define __LXC_CONFILE_LEGACY_H #include #include 
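Review bot: `set_config_lsm_aa_incomplete` in confile_legacy.c appears to be a copy of the parsing that the renamed setter in confile.c keeps (that body is only partly visible in its hunk), so the 0/1 range check for an AppArmor setting now lives in two places that can drift apart. The legacy table rows could reference the namespaced handlers directly, e.g. `{ "lxc.aa_allow_incomplete", set_config_apparmor_allow_incomplete, get_config_apparmor_allow_incomplete, clr_config_apparmor_allow_incomplete, },`, which would leave only three rows to delete in 3.0. If the copies stay, the error text names `lxc.lsm_aa_allow_incomplete`, which is not a key in the table; it should name `lxc.aa_allow_incomplete`.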
@@ -78,4 +78,23 @@ extern int lxc_list_nicconfigs_legacy(struct lxc_conf *c, const char *key, extern int lxc_listconfigs(char *retv, int inlen); extern bool network_new_hwaddrs(struct lxc_conf *conf); -#endif + +extern int set_config_lsm_aa_profile(const char *, const char *, + struct lxc_conf *, void *); +extern int get_config_lsm_aa_profile(const char *, char *, int, + struct lxc_conf *, void *); +extern int clr_config_lsm_aa_profile(const char *, struct lxc_conf *, void *); + +extern int set_config_lsm_aa_incomplete(const char *, const char *, + struct lxc_conf *, void *); +extern int get_config_lsm_aa_incomplete(const char *, char *, int, + struct lxc_conf *, void *); +extern int clr_config_lsm_aa_incomplete(const char *, struct lxc_conf *, + void *); + +extern int set_config_lsm_se_context(const char *, const char *, + struct lxc_conf *, void *); +extern int get_config_lsm_se_context(const char *, char *, int, + struct lxc_conf *, void *); +extern int clr_config_lsm_se_context(const char *, struct lxc_conf *, void *); +#endif /* __LXC_CONFILE_LEGACY_H */ diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c index d2df78a45..4c6f1117f 100644 --- a/src/lxc/confile_utils.c +++ b/src/lxc/confile_utils.c @@ -582,3 +582,23 @@ bool new_hwaddr(char *hwaddr) return true; } + +int lxc_get_conf_str(char *retv, int inlen, const char *value) +{ + if (!value) + return 0; + if (retv && inlen >= strlen(value) + 1) + strncpy(retv, value, strlen(value) + 1); + + return strlen(value); +} + +int lxc_get_conf_int(struct lxc_conf *c, char *retv, int inlen, int v) +{ + if (!retv) + inlen = 0; + else + memset(retv, 0, inlen); + + return snprintf(retv, inlen, "%d", v); +} diff --git a/src/lxc/confile_utils.h b/src/lxc/confile_utils.h index 67762d2c8..5831df5c2 100644 --- a/src/lxc/confile_utils.h +++ b/src/lxc/confile_utils.h 
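Review bot: `lxc_get_conf_str` compares the signed `inlen` against `strlen(value) + 1`, so a negative `inlen` is converted to a very large unsigned value and passes the size check before the copy into `retv`. `lxc_get_conf_int` has the same weakness, passing a negative `inlen` straight to `memset` and `snprintf`. Both helpers were file-local `static inline` functions and this hunk exports them through confile_utils.h, so they should reject non-positive sizes themselves rather than rely on every caller. Whether any current caller can pass a negative length is not visible in this patch. The fence below shows the guarded versions; the returned lengths are unchanged.

```c
int lxc_get_conf_str(char *retv, int inlen, const char *value)
{
	size_t value_len;

	if (!value)
		return 0;

	value_len = strlen(value);
	/* Check the sign first: a negative inlen must not reach the
	 * unsigned comparison, where it would look like a huge buffer.
	 */
	if (retv && inlen > 0 && (size_t)inlen > value_len)
		memcpy(retv, value, value_len + 1);

	return (int)value_len;
}

int lxc_get_conf_int(struct lxc_conf *c, char *retv, int inlen, int v)
{
	if (!retv || inlen <= 0)
		inlen = 0;
	/* … unchanged: else-branch memset and the snprintf return … */
```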
@@ -81,5 +81,7 @@ extern int network_ifname(char **valuep, const char *value); extern int rand_complete_hwaddr(char *hwaddr); extern void update_hwaddr(const char *line); extern bool new_hwaddr(char *hwaddr); +extern int lxc_get_conf_str(char *retv, int inlen, const char *value); +extern int lxc_get_conf_int(struct lxc_conf *c, char *retv, int inlen, int v); #endif /* __LXC_CONFILE_UTILS_H */ diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 0a784e90d..3de4fb90e 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -47,7 +47,7 @@ #include "config.h" #include "commands.h" #include "confile.h" -#include "confile_network_legacy.h" +#include "confile_legacy.h" #include "console.h" #include "criu.h" #include "log.h" diff --git a/src/tests/parse_config_file.c b/src/tests/parse_config_file.c index 3fcfdd50e..6618596c6 100644 --- a/src/tests/parse_config_file.c +++ b/src/tests/parse_config_file.c 
@@ -328,20 +328,54 @@ int main(int argc, char *argv[]) goto non_test_error; } - /* lxc.aa_profile */ + /* REMOVE IN LXC 3.0 + legacy security keys + */ if (set_get_compare_clear_save_load(c, "lxc.aa_profile", "unconfined", tmpf, true) < 0) { lxc_error("%s\n", "lxc.aa_profile"); goto non_test_error; } - /* lxc.aa_allow_incomplete */ + /* REMOVE IN LXC 3.0 + legacy security keys + */ if (set_get_compare_clear_save_load(c, "lxc.aa_allow_incomplete", "1", tmpf, true) < 0) { lxc_error("%s\n", "lxc.aa_allow_incomplete"); goto non_test_error; } + /* REMOVE IN LXC 3.0 + legacy security keys + */ + if (set_get_compare_clear_save_load(c, "lxc.se_context", "system_u:system_r:lxc_t:s0:c22", + tmpf, true) < 0) { + lxc_error("%s\n", "lxc.apparmor.se_context"); + goto non_test_error; + } + + /* lxc.apparmor.profile */ + if (set_get_compare_clear_save_load(c, "lxc.apparmor.profile", "unconfined", + tmpf, true) < 0) { + lxc_error("%s\n", "lxc.apparmor.profile"); + goto non_test_error; + } + + /* lxc.apparmor.allow_incomplete */ + if (set_get_compare_clear_save_load(c, "lxc.apparmor.allow_incomplete", "1", + tmpf, true) < 0) { + lxc_error("%s\n", "lxc.apparmor.allow_incomplete"); + goto non_test_error; + } + + /* lxc.selinux.context */ + if (set_get_compare_clear_save_load(c, "lxc.selinux.context", "system_u:system_r:lxc_t:s0:c22", + tmpf, true) < 0) { + lxc_error("%s\n", "lxc.apparmor.selinux.context"); + goto non_test_error; + } + /* lxc.cgroup.cpuset.cpus */ if (set_get_compare_clear_save_load(c, "lxc.cgroup.cpuset.cpus", "1-100", tmpf, false) < 0) { From 26a38fb6aab5cc0519bf81828ae5e71273dc74f6 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Fri, 23 Jun 2017 15:38:02 +0200 Subject: [PATCH 2/3] confile: remove lxc.kmsg 
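Review bot: Two of the added failure messages name keys that do not exist, so a failing run would point at the wrong key. The `lxc.se_context` check reports `"lxc.apparmor.se_context"` and the `lxc.selinux.context` check reports `"lxc.apparmor.selinux.context"`. They should read `lxc_error("%s\n", "lxc.se_context");` and `lxc_error("%s\n", "lxc.selinux.context");`. The repeated `REMOVE IN LXC 3.0 legacy security keys` comment would also be easier to act on if each copy named the key it covers. main() starts before and continues after this hunk.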
Signed-off-by: Christian Brauner --- doc/lxc.container.conf.sgml.in | 19 ----------------- src/lxc/conf.c | 33 ---------------------------- src/lxc/conf.h | 1 - src/lxc/confile.c | 39 ---------------------------------- src/tests/parse_config_file.c | 7 ------ 5 files changed, 99 deletions(-) diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in index 745ccd8a3..de3f5b5e2 100644 --- a/doc/lxc.container.conf.sgml.in +++ b/doc/lxc.container.conf.sgml.in @@ -791,25 +791,6 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - - Enable kmsg symlink - - Enable creating /dev/kmsg as symlink to /dev/console. This defaults to 0. - - - - - - - - - Set this to 1 to enable /dev/kmsg symlinking. - - - - - - Mount points diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 7ecfc82ec..c5281b056 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -1632,33 +1632,6 @@ static int lxc_setup_console(const struct lxc_rootfs *rootfs, return lxc_setup_ttydir_console(rootfs, console, ttydir); } -static int setup_kmsg(const struct lxc_rootfs *rootfs, - const struct lxc_console *console) -{ - char kpath[MAXPATHLEN]; - int ret; - - if (!rootfs->path) - return 0; - ret = snprintf(kpath, sizeof(kpath), "%s/dev/kmsg", rootfs->mount); - if (ret < 0 || ret >= sizeof(kpath)) - return -1; - - ret = unlink(kpath); - if (ret && errno != ENOENT) { - SYSERROR("error unlinking %s", kpath); - return -1; - } - - ret = symlink("console", kpath); - if (ret) { - SYSERROR("failed to create symlink for kmsg"); - return -1; - } - - return 0; -} - static void parse_mntopt(char *opt, unsigned long *flags, char **data) { struct mount_opt *mo; @@ -2667,7 +2640,6 @@ struct lxc_conf *lxc_conf_init(void) free(new); return NULL; } - new->kmsg = 0; new->logfd = -1; lxc_list_init(&new->cgroup); lxc_list_init(&new->network); 
@@ -4206,11 +4178,6 @@ int lxc_setup(struct lxc_handler *handler) return -1; } - if (lxc_conf->kmsg) { - if (setup_kmsg(&lxc_conf->rootfs, &lxc_conf->console)) // don't fail - ERROR("failed to setup kmsg for '%s'", name); - } - if (!lxc_conf->is_execute && setup_dev_symlinks(&lxc_conf->rootfs)) { ERROR("failed to setup /dev symlinks for '%s'", name); return -1; diff --git a/src/lxc/conf.h b/src/lxc/conf.h index 495d6486f..24659b54b 100644 --- a/src/lxc/conf.h +++ b/src/lxc/conf.h @@ -351,7 +351,6 @@ struct lxc_conf { int haltsignal; // signal used to halt container int rebootsignal; // signal used to reboot container int stopsignal; // signal used to hard stop container - unsigned int kmsg; // if 1, create /dev/kmsg symlink char *rcfile; // Copy of the top level rcfile we read // Logfile and logleve can be set in a container config file. diff --git a/src/lxc/confile.c b/src/lxc/confile.c index cfad6c5a8..fec1d5638 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -87,12 +87,6 @@ static int get_config_ttydir(const char *, char *, int, struct lxc_conf *, void *); static int clr_config_ttydir(const char *, struct lxc_conf *, void *); -static int set_config_kmsg(const char *, const char *, struct lxc_conf *, - void *); -static int get_config_kmsg(const char *, char *, int, struct lxc_conf *, - void *); -static int clr_config_kmsg(const char *, struct lxc_conf *, void *); - static int set_config_apparmor_profile(const char *, const char *, struct lxc_conf *, void *); static int get_config_apparmor_profile(const char *, char *, int, 
@@ -428,7 +422,6 @@ static struct lxc_config_t config[] = { { "lxc.pts", set_config_pts, get_config_pts, clr_config_pts, }, { "lxc.tty", set_config_tty, get_config_tty, clr_config_tty, }, { "lxc.devttydir", set_config_ttydir, get_config_ttydir, clr_config_ttydir, }, - { "lxc.kmsg", set_config_kmsg, get_config_kmsg, clr_config_kmsg, }, { "lxc.apparmor.profile", set_config_apparmor_profile, get_config_apparmor_profile, clr_config_apparmor_profile, }, { "lxc.apparmor.allow_incomplete", set_config_apparmor_allow_incomplete, get_config_apparmor_allow_incomplete, clr_config_apparmor_allow_incomplete, }, { "lxc.selinux.context", set_config_selinux_context, get_config_selinux_context, clr_config_selinux_context, }, @@ -1575,25 +1568,6 @@ static int set_config_ttydir(const char *key, const char *value, NAME_MAX + 1); } -static int set_config_kmsg(const char *key, const char *value, - struct lxc_conf *lxc_conf, void *data) -{ - /* Set config value to default. */ - if (lxc_config_value_empty(value)) { - lxc_conf->kmsg = 0; - return 0; - } - - /* Parse new config value. */ - if (lxc_safe_uint(value, &lxc_conf->kmsg) < 0) - return -1; - - if (lxc_conf->kmsg > 1) - return -1; - - return 0; -} - static int set_config_apparmor_profile(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { @@ -3106,12 +3080,6 @@ static int get_config_ttydir(const char *key, char *retv, int inlen, return lxc_get_conf_str(retv, inlen, c->ttydir); } -static int get_config_kmsg(const char *key, char *retv, int inlen, - struct lxc_conf *c, void *data) -{ - return lxc_get_conf_int(c, retv, inlen, c->kmsg); -} - static int get_config_apparmor_profile(const char *key, char *retv, int inlen, struct lxc_conf *c, void *data) { 
@@ -3694,13 +3662,6 @@ static inline int clr_config_ttydir(const char *key, struct lxc_conf *c, return 0; } -static inline int clr_config_kmsg(const char *key, struct lxc_conf *c, - void *data) -{ - c->kmsg = 0; - return 0; -} - static inline int clr_config_apparmor_profile(const char *key, struct lxc_conf *c, void *data) { diff --git a/src/tests/parse_config_file.c b/src/tests/parse_config_file.c index 6618596c6..3836a361c 100644 --- a/src/tests/parse_config_file.c +++ b/src/tests/parse_config_file.c @@ -321,13 +321,6 @@ int main(int argc, char *argv[]) goto non_test_error; } - /* lxc.kmsg */ - if (set_get_compare_clear_save_load(c, "lxc.kmsg", "1", tmpf, true) < - 0) { - lxc_error("%s\n", "lxc.kmsg"); - goto non_test_error; - } - /* REMOVE IN LXC 3.0 legacy security keys */ From 39b8f404dcac37eef9bfd0dce5765dbc31a83c1f Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Fri, 23 Jun 2017 15:39:00 +0200 Subject: [PATCH 3/3] confile: remove lxc.pivotdir Signed-off-by: Christian Brauner --- config/templates/common.conf.in | 3 --- src/lxc/conf.h | 1 - src/lxc/confile.c | 26 -------------------------- templates/lxc-cirros.in | 1 - 4 files changed, 31 deletions(-) diff --git a/config/templates/common.conf.in b/config/templates/common.conf.in index c1deadec1..fdfd79068 100644 --- a/config/templates/common.conf.in +++ b/config/templates/common.conf.in @@ -12,9 +12,6 @@ lxc.tty = 4 # Drop some harmful capabilities lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio -# Set the pivot directory -lxc.pivotdir = lxc_putold - # Ensure hostname is changed on clone lxc.hook.clone = @LXCHOOKDIR@/clonehostname diff --git a/src/lxc/conf.h b/src/lxc/conf.h index 24659b54b..4bf0aa56f 100644 --- a/src/lxc/conf.h +++ b/src/lxc/conf.h 
@@ -285,7 +285,6 @@ enum { /* * Defines the global container configuration * @rootfs : root directory to run the container - * @pivotdir : pivotdir path, if not set default will be used * @mount : list of mount points * @tty : numbers of tty * @pts : new pts instance diff --git a/src/lxc/confile.c b/src/lxc/confile.c index fec1d5638..6d17bb7f3 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -172,12 +172,6 @@ static int get_config_rootfs(const char *, char *, int, struct lxc_conf *, void *); static int clr_config_rootfs(const char *, struct lxc_conf *, void *); -static int set_config_pivotdir(const char *, const char *, struct lxc_conf *, - void *); -static int get_config_pivotdir(const char *, char *, int, struct lxc_conf *, - void *); -static int clr_config_pivotdir(const char *, struct lxc_conf *, void *); - static int set_config_utsname(const char *, const char *, struct lxc_conf *, void *); static int get_config_utsname(const char *, char *, int, struct lxc_conf *, @@ -444,7 +438,6 @@ static struct lxc_config_t config[] = { { "lxc.rootfs.options", set_config_rootfs_options, get_config_rootfs_options, clr_config_rootfs_options, }, { "lxc.rootfs.backend", set_config_rootfs_backend, get_config_rootfs_backend, clr_config_rootfs_backend, }, { "lxc.rootfs", set_config_rootfs, get_config_rootfs, clr_config_rootfs, }, - { "lxc.pivotdir", set_config_pivotdir, get_config_pivotdir, clr_config_pivotdir, }, { "lxc.utsname", set_config_utsname, get_config_utsname, clr_config_utsname, }, { "lxc.hook.pre-start", set_config_hooks, get_config_hooks, clr_config_hooks, }, { "lxc.hook.pre-mount", set_config_hooks, get_config_hooks, clr_config_hooks, }, 
@@ -2338,13 +2331,6 @@ static int set_config_rootfs_backend(const char *key, const char *value, return set_config_string_item(&lxc_conf->rootfs.bdev_type, value); } -static int set_config_pivotdir(const char *key, const char *value, - struct lxc_conf *lxc_conf, void *data) -{ - WARN("lxc.pivotdir is ignored. It will soon become an error."); - return 0; -} - static int set_config_utsname(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { @@ -3337,12 +3323,6 @@ static int get_config_rootfs_backend(const char *key, char *retv, int inlen, return lxc_get_conf_str(retv, inlen, c->rootfs.bdev_type); } -static int get_config_pivotdir(const char *key, char *retv, int inlen, - struct lxc_conf *c, void *data) -{ - return 0; -} - static int get_config_utsname(const char *key, char *retv, int inlen, struct lxc_conf *c, void *data) { @@ -3765,12 +3745,6 @@ static inline int clr_config_rootfs_backend(const char *key, struct lxc_conf *c, return 0; } -static inline int clr_config_pivotdir(const char *key, struct lxc_conf *c, - void *data) -{ - return 0; -} - static inline int clr_config_utsname(const char *key, struct lxc_conf *c, void *data) { diff --git a/templates/lxc-cirros.in b/templates/lxc-cirros.in index 395416ba2..1bfedda50 100644 --- a/templates/lxc-cirros.in +++ b/templates/lxc-cirros.in @@ -119,7 +119,6 @@ cat >> "$path/config" <